Resilient Cyber Security and Privacy

Butler Lampson
CSTB Cyberforum
April 2015


Citation: Talk given at the April 2015 meeting of the Cyberforum, a round table of the Computer Science and Telecommunications Board of the National Academy of Sciences.

Links: Abstract, Acrobat, PowerPoint.

Email: This paper is at



We need to make cyber security and the privacy of personal data more resilient, rather than trying to make it more perfect. We need to limit our aspirations, so that we can have high confidence in the security of things that are really important instead of little confidence in the security of everything. For privacy, we need to establish regulations that compel data holders to respect people’s current wishes about how their data is used, and put technical infrastructure in place that makes it practical to obey these rules.